Windows 10: Windows defender VDI onboarding to Security Center and now VM's don't display defender...

Discus and support Windows defender VDI onboarding to Security Center and now VM's don't display defender... in AntiVirus, Firewalls and System Security to solve the problem; We're running a non-persistent VDI pool with FileShares as the definition update source. This has been working fine until we added the Startup script... Discussion in 'AntiVirus, Firewalls and System Security' started by DaveBaker1, Apr 22, 2021.

  1. DAVEBAKER1
    DaveBaker1 Win User

    Windows defender VDI onboarding to Security Center and now VM's don't display defender...


    We're running a non-persistent VDI pool with FileShares as the definition update source. This has been working fine until we added the Startup script which onboards the VM's into Azure Defender Security Center. I've used the powershell 'single entry' method described here:


    Onboarding VDI devices


    However, the child VM's are no longer displaying their status or last update time - the engine just egg timers and the log file mplog.log shows these entries:


    Windows defender VDI onboarding to Security Center and now VM's don't display defender... 39f8191e-0235-460a-9340-d30209598392?upload=true.jpg


    Windows Defender Antivirus 77BDAF73-B396-481F-9042-AD358843EC24 Service Log

    Started On 04-22-2021 17:24:12

    ************************************************************

    OS install time: 03/01/2021 15:26:23.0 UTC

    Current time: 04/22/2021 15:24:12.398459700 UTC 1233875 ms since boot

    2021-04-22T15:24:12.398Z ProductId: 2, ProductFeature: 0, LaunchedProtected: 3, IsWcos: 0, IsContainerOs: 0, DirtyShutdownDetected: 0, PassiveRemediation: 0, IsHybridModePolicyEnabled: 0

    2021-04-22T15:24:12.418Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: MpWppTracing-20210422-172412-00000003-ffffffff.bin ...

    2021-04-22T15:24:12.431Z [WPP] Trace session started - MpWppTracing-20210422-172412-00000003-ffffffff.bin

    2021-04-22T15:24:12.431Z OS Build/Branch info: 18362.1.amd64fre.19h1_release.190318-1202

    2021-04-22T15:24:12.433Z MpReinforceExclusionsAcls hr = 0x0

    2021-04-22T15:24:12.433Z [PlatUpd] Service launched successfully from: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0

    2021-04-22T15:24:12.448Z [PlatUpd] MpManagementUpdateHandler: starting update for install path %ProgramData%\Microsoft\Windows Defender\platform\4.18.2101.9-0.

    2021-04-22T15:24:12.448Z [PlatUpd] MpManagementUpdateHandler: calling MpUpdateManagement

    2021-04-22T15:24:12.448Z [PlatUpd] MpUpdateManagement: Management platform update started for components 3

    2021-04-22T15:24:12.448Z [PlatUpd] CSP platform update started

    2021-04-22T15:24:12.448Z [PlatUpd] Defender MDM CSP platform update not required

    2021-04-22T15:24:12.448Z [PlatUpd] WMI/PS provider platform update started

    2021-04-22T15:24:12.448Z [PlatUpd] WMI/PS provider platform update not required

    2021-04-22T15:24:12.448Z [PlatUpd] MpUpdateManagement: Management platform update completed

    2021-04-22T15:24:12.448Z [PlatUpd] MpCheckAndUpdateBinaryLocationTo%ProgramData%\Microsoft\Windows Defender\platform\4.18.2101.9-0: 7 items checked, 0 required update. hrMui: 0x00000001 hrEtw: 0x00000000

    2021-04-22T15:24:12.448Z RegisterSModeChangeListener: hr = 0x1

    2021-04-22T15:24:12.448Z RegisterHybridModeChangeListener: hr = 0x1

    2021-04-22T15:24:12.603Z Passive Mode Registry key changed from 1 to 1

    2021-04-22T15:24:12.603Z SENSE is enabled and product disabled. Enabling product in passive mode.

    2021-04-22T15:24:12.603Z Service is asked to be reenabled.

    Product disabled...Stopping service

    2021-04-22T15:24:12.606Z Task-DisableService launched as PPL process

    2021-04-22T15:24:13.040Z Service stop requested ServiceError: 0x0. Calling CleanupMpService ...

    Windows Defender Antivirus 77BDAF73-B396-481F-9042-AD358843EC24 Log

    Stopped On 04-22-2021 17:24:13 Exit Code = 0x0

    ************************************************************


    I don't understand what the enrolment does - I assumed it juust makes the VM's manageable /report into Azure, but it appears to change the way they fetch updates? Any help on this please?

    :)
     
    DaveBaker1, Apr 22, 2021
    #1
  2. BORG 386
    Borg 386 Win User

    windows defender & security center services keep turning off


    Are you running any other AV or did you have one running in the past? If you didn't use an uninstaller for the AV, then the remnants of it could be causing the problem. Normally any time you install an AV it disables Defender by default.

    If you are getting any error codes please list those, that will be helpful in helping you.

    As torre suggested, might be a good idea to do a reset or even a reinstall.

    Reset Windows 10 - Windows 10 Forums

    Windows 10 - Clean Install - Windows 10 Forums

    There are also some suggestions listed here:

    Unable to turn on Windows Defender in Windows 7 / 8 / 10

     
    Borg 386, Apr 22, 2021
    #2
  3. JAMES_27G
    james_27G Win User
    Windows defender security center problem

    When I try to start the windows defender security center the antimalware service executable starts up and uses up to 98% CPU. I have tried to change proxy restart defender and many suggested steps and also went to windows deffender online to do a scan
    that way but no malware came up. The problem still persists. Does anyone know what to do in this situation? I just want my security to run properly but I cant even get to the menus.
     
    james_27G, Apr 22, 2021
    #3
  4. RPMTL
    RPmtl Win User

    Windows defender VDI onboarding to Security Center and now VM's don't display defender...

    Defender Security Center displays at Windows launch

    I did a check in the Task Scheduler and there's nothing suspicious in there. Ran system file check (DISM.exe and sfc /scannow) which found no errors nor integrity violations. Stopped and restarted Defender. The only defender item that lacks a green check mark is the 'Family options' that I'm not interested in configuring and enabling.

    I'll look closer but it seems that all the settings are identical to the other 2 updated systems which do not display the Windows Defender Security Center when Windows launches.
     
    RPmtl, Apr 22, 2021
    #4
Thema:

Windows defender VDI onboarding to Security Center and now VM's don't display defender...

Loading...

  1. Windows defender VDI onboarding to Security Center and now VM's don't display defender... - Similar Threads - defender VDI onboarding

  2. Windows Defender and VDI

    in AntiVirus, Firewalls and System Security
    Windows Defender and VDI: HI I am using Windows Defender on my test VDI Environment which is based on Citrix Virtual Desktop and Application. The problem is Windows defender behavior seems not to be working after running the application from a VDI image. I add a test malware but defender did not...

  3. Windows Defender Security Center

    in AntiVirus, Firewalls and System Security
    Windows Defender Security Center: My Windows Defender Security Center is not working. There are no options like virus & threat protection and others. https://answers.microsoft.com/en-us/windows/forum/all/windows-defender-security-center/2f1968ec-0098-4aae-b4c5-ef25f94f5cc6"

  4. Windows Defender Security Center

    in AntiVirus, Firewalls and System Security
    Windows Defender Security Center: Hi, Every time I connect to VPN(Client Network) from My personal laptop I get windows defender security center popup- Its shows all as green but yet it continuously pop up. I can not type a mail or do anything else. It happens only when VPN connection is done. I tried to...

  5. Windows Defender Security Center

    in AntiVirus, Firewalls and System Security
    Windows Defender Security Center: I have a problem with access to Windows Defender settings. I am not able to turn application and file checking on. It says that in order to change the setting I have to be an administrator but I am already an administrator. I am sorry for this being written in Croatian. I...

  6. Windows Defender Security Center

    in AntiVirus, Firewalls and System Security
    Windows Defender Security Center: I keep getting notification that threats has been found, "Windows anti virus protection found threats. Get details. When I click on the message or manual open the defender center I get the message there are no current threats and the center is locked up. I have rebooted...

  7. Windows Defender Security Center

    in AntiVirus, Firewalls and System Security
    Windows Defender Security Center: Under Virus & Threat protection I click on learn more and it then goes to sign in. When I try to sign it tell me This doesn't look like a work or school email. You can't sign in here with a personal account. Use your work or school account instead This is a personal...

  8. Windows Defender Security Center

    in AntiVirus, Firewalls and System Security
    Windows Defender Security Center: When I boot my system (Windows 10 Home Ed.) "Windows Defender Security Center" always pops up windowed (not minimised). is this normal (I can't remember that it was always like this) and can I do something about it so that it starts minimised ? 112234

  9. Defender Security Center displays at Windows launch

    in AntiVirus, Firewalls and System Security
    Defender Security Center displays at Windows launch: (I'm not sure if this is the best section to post this.) After updating 3 systems with Windows 10 Fall Creator's Update (1709) Windows Defender Security Center displays whenever Windows launches at bootup and I then have to close the interface. Previously it would be...

  10. Windows Defender Security Center

    in AntiVirus, Firewalls and System Security
    Windows Defender Security Center: When booting my Window 10 (Home Edition) the "Windows Defender Security Center" program starts no longer minimized as it used to be. I don't know what caused this or what can I do about this. I know this isn't a big deal but it some could help me remedy this I would be most...